- May 30, 2017
-
-
Dr. Stephen Henson authored
Reinstate Ed25519 algorithm to curv25519.c this is largely just a copy of the code from BoringSSL with some adjustments so it compiles under OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3503)
-
Andy Polyakov authored
...as discussed in section 2.2 of "Keccak implementation overview". [skip ci] Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
This targets 32-bit processors and is discussed in section 2.1 of "Keccak implementation overview". Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- May 29, 2017
-
-
Rich Salz authored
Require a comma between every name and a single space before the dash Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3559)
-
Marek Klein authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3538)
-
Thijs Wenker authored
The version number 3 means version 4, while 2 means version 3. Since this is the v3nametest, version 3 should be used. CLA: Trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3577)
-
- May 28, 2017
-
-
Richard Levitte authored
It turned out to be a bad idea. This reverts commits 6891a79d and c27bc746 . Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3576)
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3574)
-
- May 27, 2017
-
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3573)
-
Josh Soref authored
Unfortunately it affects error code macros in public cms.h header, for which reason misspelled names are preserved for backward compatibility. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3463)
-
- May 26, 2017
-
-
Matt Caswell authored
Issue #3562 describes a problem where a race condition can occur in the Proxy such that a test "ok" line can appear in the middle of other text causing the test harness to miss it. The issue is that we do not wait for the client process to finish after the test is complete, so that process may continue to write data to stdout/stderr at the same time that the test harness does. This commit fixes TLSProxy so that we always wait for the client process to finish before continuing. Fixes #3562 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3567)
-
Matt Caswell authored
Commit 9bfeeef8 made some function parameters const. This actually broke the pyca-cryptography tests. The discussion in #3360 considers this to actually be a problem with pyca-cryptography not an OpenSSL issue (they replicate some of our header file contents which then causes function prototype mismatches). This commit updates the pyca-cryptography version to pull in their fix for this issue and make our external tests pass again. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3569)
-
Todd Short authored
The check for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is inconsistent. Most places check SSL->options, one place is checking SSL_CTX->options; fix that. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> GH: #3523
-
Rainer Jung authored
CLA: Trivial Fixes #3563. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3564)
-
Andy Polyakov authored
Recently introduced TEST_* macros print variables' symbolic names. In order to make error output more readable rename some variables. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3526)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3526)
-
- May 25, 2017
-
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #3557
-
Matt Caswell authored
Commit bd990e25 changed our handling of alerts. Some of the BoringSSl tests were expecting specific errors to be created if bad alerts were sent. Those errors have now changed as a result of that commit, so the BoringSSL test config needs to be updated to match. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3549)
-
Matt Caswell authored
Fixes #3541 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3553)
-
Matt Caswell authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3546)
-
- May 24, 2017
-
-
David Woodhouse authored
Part of issue #3531 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3535)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3532)
-
- May 23, 2017
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3506)
-
Rich Salz authored
Re-order and comment on the functions Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3506)
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3529)
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3528)
-
Dr. Stephen Henson authored
SSLv3 (specifically with client auth) cannot use one shot APIs: the digested data and the master secret are handled in separate update operations. So in the special case of SSLv3 use the streaming API. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3527)
-
Paul Yang authored
In the example section. CLA: trivial Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3520)
-
- May 22, 2017
-
-
Rich Salz authored
This reverts commit e2580e70 . Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Updates https://github.com/openssl/openssl/pull/3268)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
Provides consistent output and approach. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Matt Caswell authored
If we have an assert then in a debug build we want an abort() to occur. In a production build we want the function to return an error. This introduces a new macro to assist with that. The idea is to replace existing use of OPENSSL_assert() with this new macro. The problem with OPENSSL_assert() is that it aborts() on an assertion failure in both debug and production builds. It should never be a library's decision to abort a process (we don't get to decide when to kill the life support machine or the nuclear reactor control system). Additionally if an attacker can cause a reachable assert to be hit then this can be a source of DoS attacks e.g. see CVE-2017-3733, CVE-2015-0293, CVE-2011-4577 and CVE-2002-1568. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3496)
-
Pauli authored
Don't highlight excess when comparing unequal length strings. Clean up the NULL / empty string display. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3514)
-
Pauli authored
Excess bytes, when one block is longer than the other, are not explicitly highlighted. The NULL / zero length block output has been cleaned up. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3515)
-